<?php
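session_start();
// Delete one row from `students`, identified by the `xh` query parameter, then
// redirect to index.php. On failure, $msg is set for the page below to display.
//
// NOTE(review): this endpoint performs a destructive action in response to a GET
// request and verifies no anti-CSRF token, so a link or image on any page the
// logged-in user visits could trigger it. Prefer POST plus a per-session token
// compared with hash_equals(); that changes how callers invoke the page, so it
// is flagged here rather than changed.
try {
    // Accept only a non-empty string: a missing key would raise a warning and
    // an array value (?xh[]=...) would otherwise be bound to the query as-is.
    $xh = $_GET['xh'] ?? null;
    if (!is_string($xh) || $xh === '') {
        throw new Exception('必须要提供删除记录的学号信息');
    }

    // A user may delete their own record; an administrator may delete any.
    // A request without a logged-in session yields no rights.
    $user = $_SESSION['user'] ?? [];
    $hasRight = ($user['xh'] ?? null) === $xh || !empty($user['isAdmin']);
    if (!$hasRight) {
        throw new Exception('Sorry,你没有删除他人记录的权限。');
    }

    // NOTE(review): hard-coded root credentials in a web-served file. Load them
    // from configuration outside the document root and connect with an account
    // limited to the privileges this application needs.
    $db = new PDO("mysql:host=localhost; dbname=db2;", 'root', '123456');
    // Make driver failures throw on every PHP version, so a failed DELETE can
    // never fall through to the success redirect.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    // Parameterised statement: the value is bound, never interpolated into SQL.
    // A DELETE that matches no row is still treated as success.
    $db->prepare('delete from students where xh = ?')->execute([$xh]);

    header('Location: index.php');
    exit;
} catch (PDOException $e) {
    // Driver messages can reveal the host, account name or schema; keep them in
    // the server log and show the visitor a generic message instead.
    error_log('student delete failed: ' . $e->getMessage());
    $msg = '数据库操作失败，请稍后再试。';
} catch (Throwable $e) {
    $msg = $e->getMessage();
}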
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>删除用户</title>
    <style>
        h1 {
            color: red;
        }
    </style>
</head>
<body>
<h1>删除用户</h1>
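<?php // Escape for the HTML context: exception text is not guaranteed to be free of markup. ?>
<div class="msg"><?= htmlspecialchars($msg ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>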
</body>
</html>